Two-factor authentication requires users to verify themselves through two different authentications to better secure their accounts and privacy. It is a commonly used and recommended security protocol as it adds an additional layer of security, making it more difficult to compromise.
However, a group of hackers (APT20) has managed to bypass 2FA in attacks against industry targets.
These cyberattacks targeted multiple countries including Brazil, America, England, China, Spain, Italy, Germany, Portugal, Mexico, and France where the primary targets were healthcare, finance, insurance, and aviation companies.
In one of APT20’s attacks, the group successfully breached an unnamed company’s highly secured 2FA protocol and obtained software tokens to generate legitimate software license keys at will.
They used web servers in combination with VPNs as an initial point of entry to cover their tracks. They made use of already existing hardware tools on the target system instead of using customized malware as well. This is how the attack managed to stay undetected for a long time since using malware would’ve immediately flagged their activity.
However, while 2FA getting compromised is indeed concerning news, it is a highly sophisticated process that is relatively rare. Thus, this is no reason to stop using 2FA entirely especially since it is still one of the more robust security systems compared to the rest.